Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

St. Louis Public Library Recovers from Ransomware Attack

Services are being restored to the St. Louis Public Library computer system after a ransomware attack impacted access to machines and data at all 17 branches.

Services are being restored to the St. Louis Public Library computer system after a ransomware attack last Thursday impacted access to machines and data at all 17 branches.

Library management refused to pay the $35,000 demanded as ransom, and IT staff wiped affected servers and restored them from available backups.

On Friday, the library was able to restart its circulation workflow, and patrons were able to check out books at all locations. By Saturday, checkout and returns systems were at 100 percent availability, and now only the library’s reserve system remains to be restored. That work began on Monday and is expected to be up and running shortly.

Executive director Waller McGuire said the library immediately reached out to the FBI for help with the investigation, and it’s not clear where the infection began, nor how it spread throughout the library network.

“The real victims of this criminal attack are the Library’s patrons. SLPL has worked hard to open a secure but widely available digital world to the people of St. Louis, and I am sorry it was interrupted,” McGuire said in a letter to library patrons published on Monday. “An attempt to hold information and access to the world for ransom is deeply frightening and offensive to any public library, and we will make every effort to keep that world available to our patrons.”

McGuire also said that patrons’ personal and financial information is not stored on its servers, and none of that data was impacted by the attack. Wi-Fi services at the respective branch were not interrupted and the library’s website and databases offering books, movies and music downloads were also not impacted.

“St. Louis Public Library has been working with the FBI to identify how criminals broke into our system and correct the problem,” McGuire said. “I apologize to patrons for any inconvenience this incident has caused: on most days thousands of St. Louis Public Library patrons check out materials and use computers for many purposes.”

A request for additional comment from McGuire was not returned in time for publication. It’s unknown which ransomware family was used to attack the library, nor how the infection started. McGuire said in his letter to patrons that criminals broke into the library network and installed malware. This runs contrary to most ransomware infections where the malware is spread in spam or phishing emails enticing the victim to open a malicious email attachment or click on a link in the message that downloads the malware.

The St. Louis library is the latest in a growing list of high-profile businesses and public services falling victim to ransomware. Less than a year has passed since the Hollywood Presbyterian attack, in which a $17,000 ransom was paid, and the Kentucky Methodist Hospital attack, in which officials reportedly refused to pay. The University of Calgary also fell victim as have other colleges, universities, local law enforcement and government agencies, and entertainment organizations.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.